Ex-TSA Employee Charged with Infecting Databases

By Kevin McCaney

03/16/2010

A federal grand jury in Colorado has charged a former Transportation Security Administration data analyst with injecting malicious code into two TSA databases last year, about a week before his employment was about to end.

An indictment handed down March 10 alleges that Douglas James Duchak, 46, of Colorado Springs, Colo., intentionally tried to damage two protected computers in October 2009 at the Colorado Springs Operations Center, where he worked. The center handles data from the interagency Terrorist Screening Database (TSBD) and the U.S. Marshal Service's Warrant Information Network (WIN).

According to the indictment, Duchak was told on Oct. 15 that his employment would be terminated on Oct. 30. On Oct. 22, he allegedly inserted code into the WIN database in an attempt to cause damage to the host computer and the database. The next day, he did the same thing to TSBD, the indictment charges. The code reportedly was intended to activate at a later date, but was caught first by other employees. The indictment doesn't say what kind of damage the code would have caused.

Duchak pleaded not guilty in U.S. District Court in Denver on March 10, and was released on bail. In a report at Wired.com, Duchak's attorney said the servers Duchak is charged with infecting were parts of beta systems used for testing statistical analyses.

If convicted, Duchak faces up to 10 years in federal prison and a fine of up to $250,000 for each of the two counts.

The TSBD is handled by the FBI’s Terrorist Screening Center and used by multiple agencies. It contains a variety of watch lists, including the Homeland Security Department's no-fly list and the Justice Department's Interpol Terrorism Watch List.

This case was investigated by TSA's Office of Inspection, Homeland Security Department's Office of the Inspector General and the FBI.